Check That Certificate

Presented at BSidesLV 2015, Aug. 4, 2015, 2 p.m. (25 minutes).

Why are developers frequently disabling certification validation in their software? Is it because they are lazy or just plain imbecile? We decided to find out by writing examples to demonstrate certificate checking in as many languages as possible. We found that it was difficult to do properly in the best of libraries, and had catastrophic failure in anything less. There are even a few instances of the libraries built in functions getting it horribly wrong.


Presenters:

  • Jacob Jernigan
    Jacob Jernigan works for DigitalOcean on the support team where he ensures customers have the best support experience possible. Previously, he worked as a system administrator at a small information security consultancy. Outside of work, you will find him researching information security, learning programming, and cycling around the City of Seattle.
  • Andrew Sorensen
    Andrew lives in Seattle, WA and works as a Security Consultant at Leviathan Security Group. Andrew is the creator of WLNet and LocalCoast, under which he develops software. Andrew holds a Bachelor's of Science in Computer Science and is most interested in new methodologies for solving computer security problems. In his spare time, Andrew researches different areas of security, works on his data and automation platform (WLNet Dataview) and tinkers with electronics.

Links:

Similar Presentations: